Antivirus 2009 - How to remove?

Antivirus2009 (a.k.a Antivirus 2009 Pro) is a rogue anti-spyware program – a fake spyware remover, which uses trojans, such as the infamous Zlob, to enter the system. This parasite is a clone of the recently overpopular Antivirus 2008, which has produced many other clones (these include Ultimate Antivirus 2008, Vista Antivirus 2008, System Antivirus 2008 etc.). Like it’s predecessor, as well as pretty much any other rogue, Antivirus 2009 has only one purpose of existence – to lure money out of gullible users.

Once inside and active, Antivirus 2009 will flood the user with popups and fake system notifications, supposedly to inform him that he is infected. This information is absolutely false, which is to be expected: the plan is to convince the user he is infected and therefore in need of an antispyware program. It just so happens, that the first antispyware program the user is bound to come across, is Antivirus 2009 – this is no coincidence, but rather the work of browser hijackers and illicit advertising. The malware redirects web browser to GoogleScanners-360.com; this website may look security-related but it’s part of Antivirus2009 scam. GoogleScanners-360.com is not related to Google Inc.; the name is just a trick to make people trust Antivirus 2009.

The "trial" version of Antivirus2009 may also rely on falsified system scan reports to intimidate the user. This is just another tactic to scare the user.

Antivirus 2009 is a scam and should be treated as such: do NOT download or buy it and block it’s websites bestantivirusscan.com, webscannertools.com, livesecurityinfo.com, antivirus-best.com, secureclick1.com, antivirusonlivescan.com, antivirus-premium-scan.com, googlescanners-360.com, premiumlivescan.com and internetquarantinesite.com using your HOSTS file. These websites are able to infects visitors secretly with other malware.UPDATE: Some users report a new version of trojan that infect PC with Antivirus 2009. At the moment Malwarebytes Anti-Malware seems to fix the problem in most cases.

Automatic Antivirus 2009 removal tools

Other tools

Download Reimage for Antivirus 2009 detectionNote: Reimage trial provides detection of parasite like Antivirus 2009 and assists in its removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.

* Support is performed by Callstream.

We might be affiliated with some of these programs. Full information is available in disclosure

Manual Antivirus 2009 removal

Important Note: Although it is possible to manually remove Antivirus 2009, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Reimage or other tools found on 2-viruses.com.

Processes:

Files:

Dll:

Registers:

It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites, other Antivirus 2009 infected files and get help in Antivirus 2009 removal by using Reimage scanner.

29 thoughts on “Antivirus 2009”

I have been infected with the 2009 antivirus. I don’t know a lot about computers, but I am sure learning now. i am a college student who really needs a computer and now we have to get our computer fixed. Luckily my boyfriend’s brother fixes computers for a living. I need to learn about all of these terrible viruses that can hurt my computer and learn what I should or shouldn’t be doing to stop this from happening. This thing keeps popping up telling me I am infected. It is awful! I already had something wrong with my computer and now it is just getting worse. My boyriend goes on sites I tell him not to. I wish he would listen. Hopefully my computer can be fixed. This stinks!!! I need my computer back when the Fall semester starts.

Antivirus 2009 kept popping up, stating that I had 71 infections.
It described all sorts of worms, etc…
So, in sheer desperation, I tried to buy it.
I don’t know why, but, the sale did not go through.
Perhaps my vredit card is already aware of this scam?
I did notice 3 gimmicks at the bottom.
Thank God that the sale failed.
I would have been charged 3 other charges, one being a MONTHLY fee.
I am not computer proficient.
So, this is Fraudulent Predatory tactics, and, should be stopped.

This was very annoying, it is the first form of virus i have had for over a year now, and i was a bit out of practice and out of date with Nod32 anti virus, running version 2.7 when 3.2 is out… I did download the Malwarebytes’ Anti-Malware to try to remove the infection, although I will be getting the more up to date Nod32 soon because at least in my opinion it is still the best anti virus out there.

K.A.Lehnsdal – That is extremaly not likely. Kaspersky labs has enough what to do on its own, and it is a reputable company. On the other hand, to create such exploit one does not need an experience in virus manufacturing – its all about creating new design + purchasing exploits to deliver it to innocent users.

After removing most of AntivirusXP 2009, I could not update Norton AV,
Spybot sd, Adaware 2008, or Superantispyware but could still get to the internet. I found Malwarebytes’ Anti-Malware on download.com (CNet’s reputable site) and after downloading and running it found a few more remnants of the attack and fixed the download problem. I was then able to update my other programs and re-scan. All of them found additional trojan downloaders. The AntiVirusXP 2009 scatters multiple pieces all over Windows and takes multiple softwares to kill based on my field experience with it

Hey dave P., Spybot /Adaware is seriously lacking behind with updates of their database. Thats why we do not recommend them. Next time, you should check hosts file as well, as in some cases the parasites change popular anti-virus program update server address to non-existing or even malicious IP. Malwarebytes anti-malware is very good tool, but also feel free to scan with Spyware Doctor (free scanner) – as it still might leave something behind. Even if my first choice is Spyware Doctor, I usually use both of them on infected PCs, to make sure nothing is left behind.

I got infected by it as well, i know enough about computers to know something was fishy when i went and couldn’t find it my add/remove program files and my system said my protection was running properly. using the Malwarebytes works so don’t b a victim.

I tried MBAM and initially couldn’t get rid of it. Even running it in safe mode seemed to have no effect. Then I tried shutting down System Restore, which proved to be the key. Once I turned off system restore I ran MBAM in safe mode. When I rebooted Antivirus 2009 was gone. Then I turned system restore back on and moved on with a pop-up free existence.

HI, I’m currently in search of a cure for this infestation and will give your recommendations serious thought. For the info of others similarly infected, Spybot, Trend Micro, A Squared Free, Superantispy, and Avira couldn’t removed this plague. I’ve tried repeated scanning without success. Spybot and A squared both detected it but despite quarantining it were unable to prevent it returning straight away. I got hit with this after uninstalling a Kaspersky AV trial (couldn’t afford it just at that time). I hope there isn’t a connection between the two events. I’d now install Kaspersky if I thought it would fix it, but some of the reviews aren’t encouraging. For info only.

Jim, Spybot and A-squared find only adware part of parazites. I am not using Spybot myself as it is updated too slowly. Kaspersky is one of the best anti-viruses around, together with nod32. So I would encourage to try it if you got license. However, for rogue protection you might want try Spyware Doctor or Malwarebytes anti-Malware as well. Hope this helps.

Damn Trojan/Virus thing destroyed all my wallpapers, set up itself as Admin, and general pissed me off for 16 hurs. Went and bought Kaspersky, barely got it to install. Full Scanned 3 times. Worked enough to download Malwarebytes. Worked well . Full scanned 3 times. UNABLE to get the popup fron Antivirus 2009 out of Internet Explorer. Went through the above manual removal but all that crap was destroyed by Kaspersky or Malwarebytes. Help please. Sits at top of my browser LAUGHING at Kaspersky, Malwarebytes and me.

My kids downloaded this Antivirus 2009 onto their desktop without realizing what it was. When it popped up on my laptop, I immediately realized it was not a windows based program as it appears to be and couldn’t click out of it without doing going into task manager and shutting it down there. Luckily, I haven’t seen it come back up on my laptop, but – now I’ve got this on the desktop and no matter what I do, I cannot get rid of it. The virus seems to have made it impossible for me to do a system restore, it also does not show up in my program list, I cannot run the normal “tricks” that I normally do when the kids get stuff on their computer. I’ll admit, I’m not handy enough to go in and fix the registry and all that stuff, and after reading some of the above comments, it looks like our computer might be toast… what’s crazy is I have good antivirus software on my computer, but from what I can tell, when this “thing” got downloaded, my antivirus software stopped working as well. What a nasty little bug… (that’s my story). 🙁

This is working fix! This is a working fix! We should work together and make sure these folks find a nice cosy jail cell where they can receive the proper education on messing with peoples systems who they don’t even know!
Something you might check for those infected with Antivirus 2009, or variants. I found this after watching my outgoing and incoming traffic, I noticed the Server was listed after clicking Show Hidden Devices. You will be so happy so fast it’s not even funny.

-Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
-Scroll down to â€œNon-plug and Play Driversâ€ and click the plus icon to open those drivers.
-Then search for â€œTDSSserv.sysâ€
-IF it’s there, right click on it, and select â€œDisableâ€. (NOT uninsatll)
-Reboot

I have to say that even with Nod32 and a few other programs I have been unable to remove all associated files even some listed ones are refusing to delete. I have renamed these and moved them hoping to help correct the problem by quarantining them myself. So far it has been to no avail even after registry edits and everything included in these instructions. You’d think they would make thorough instructions so hopefully this new tactic of changing their names and moving them to another place when it tells me the administrator that I can’t delete the files. You’d think Nod32 would have a fix for this with this much info on the net about it.

Sgt. Matthew, you are my Hero :). Been messing with this for two days, and your fix did it. This must be a newer version of the attack, and it prevents malwarebytes from even running after being installed.

WOW this is so frustrating. I got this virus last night and I have blown my entire day off trying to get this thing off my computer! Sgt Matthew, I tried your fix, but the file was not there. Any other ideas? Could they have made this bug hardier in the last 2 days? I don’t think I’m skilled enough to tap into the registry files, so I guess my $110/hour computer guy is going to get some business. I’ve run malware and searched for files manually, but I still get blocked on the Internet. I’ll repost if I find a solution.

I have my own company repairing computers for 13 years and Antivirus 2009 has affected more of my customers than any other virus. I used to repair it manualy but I found malwarebytes does work the best on removing it.

I tried malwarebytes and it said it removed all the infected files but I still get the stupid pop-ups .. any help please??????

Those idiots who created this stupid virus and other ones need to be thrown in jail for the rest of their f***n lives .. and yes, it is not cool to mess with people’s computers and infect them with viruses, those idiots needs to be prosecuted … the cowards.

I guess I was so frustrated the first message that I did not read all the feedback here .. Sgt Mathew, I tried to locate the driver u mentioned, TDSS?? but could not find it, I was kind of hoping that this would work .. any other ideas pls … what frustrates me even more that I have a full NAV version with online protection and it is setting there with its green fancy lihght that everything is ok and my system is secure while the stupid virus dancing on the screen with those annoying pop-ups .. I try to update NAV from time to time but nothing is happining, it still give the false stat of my system is “secure” .. any help woult be greatly appreciated .. I need my computer back it is very important to me .. thanks.

My son’s laptop needed a new hard drive and the backup software installed. Went to Geek Squad and had them also install Computer Associate’s (CA) Anti-virus/spyware. He now has this malware on his computer. Is it possible CA missed this malware install or could it have been on his computer when I brought it home from Geek Squad?

Antivirus 2009 facts

Antivirus 2009 quicklinks

Note: Reimage trial provides detection of parasite like Antivirus 2009 and assists in its removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.